Editor's PickForexLabour Party members’ data hit by cyber incident

November 4, 2021

The Labour Party has been affected by a “cyber incident” involving its members’ data resulting in “a significant quantity” of party data “rendered inaccessible on their systems”.

Labour said it was told on 29 October that it had been affected by the event by a third party firm that handled membership data on its behalf.

The Information Commissioner’s Office and National Cyber Security Centre are both looking into the incident.

In a statement, Labour said it was working closely with the two authorities, as well as the National Crime Agency, to find out what had happened.

The party also said it was “working closely and on an urgent basis with the third party in order to understand the full nature, circumstances and impact of the incident”, but that its own data systems were unaffected.

Labour has yet to reveal who the third party is, the scale of the incident or what type of data was affected.

But it did say the incident involved information provided to the party by its “members, registered and affiliated supporters, and other individuals who have provided their information”.

Commenting on the leak Mike Campfield, VP of EMEA Operations, ExtraHop, said: “The Labour party’s supply chain attack has left the party warning members’ their data, stored by a third party supplier, may have been breached. This tactic is quickly becoming a firm favourite among bad actors, with this being the third critical supply chain attack on record this year.

Organisations are more and more reliant on external entities for services, but if third party suppliers have little to no ability to defend against these attacks, organisations have no chance of protecting themselves. Knowing your suppliers to assess and understand blind spots is vital to fighting against these looming threats. If just one supplier’s security processes trails behind the rest, it quickly becomes the weakest link and therefore most attractive entry point for bad actors.

Zero trust frameworks, which assume you can’t trust anyone, are being adopted to fight supply chain attacks. However, this isn’t enough to keep bad actors out. Businesses need visibility to understand how to identify if anything is lurking on their IT network. When organisations have complex supply chains, they need visibility across all customers to protect against any threats. It’s a must to be able to see activity, including any files going into or leaving their IT environment, even in an encryption event, that can be identified to know the extent of potential damage.”

Leave a Reply

Your email address will not be published. Required fields are marked *

Disclaimer: SmartPeopleMail.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

Copyright © 2021 SmartPeopleMail. All Rights Reserved.

IT'S YOUR OPPORTUNITY OF THE YEAR!
Subscribe for FREE today and get your daily shot of smart news about the Economy and Investing.
We are dedicated to keeping any data we collect from you — safe and secure. Here you can read our privacy policy.